Mark Andrews wrote:
>> There is no workaround available, but systems which are not authoritative
>> servers for DNSSEC signed zones are not affected by the first issue; and
>> systems which do not permit untrusted users to perform recursive DNS
>> resolution are not affected by the second issue. Note that the default
>> configuration for named(8) in FreeBSD allows local access only (which on
>> many systems is equivalent to refusing access to untrusted users).
>
> From ISC's advisory (which I authored).
>
> Workaround:
>
> Disable / restrict recursion (to limit exposure).

Considering that the only FreeBSD systems which permit recursive queries are
those which have been specifically configured to do so, I don't consider this
to be a workaround. DoS by administrator is no better than DoS by attacker.

Colin Percival